Your message dated Wed, 13 May 2020 23:36:24 +0300
with message-id <[email protected]>
and subject line Re: qemu-user-static.postinst script not executed in LXC/Docker containers
has caused the Debian Bug report #868217,
regarding qemu-user-static: Missing binfmt.d files causing systemd-binfmt.service to die with `condition failed`
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
868217: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868217
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: qemu-user-static
Version: 1:2.8+dfsg-6
Severity: normal

Dear Maintainer,

* What led up to the situation?

Attempting to build an `arm32v7/debian` derivative image with Docker's distribution of docker-ce (which fails with out-of-the-box Debian 9).

* Other symptoms:

The systemd-binfmt.service file fails to activate properly due to the missing directory contents listed.

```
computermouth@desktop:~$ systemctl status systemd-binfmt
● systemd-binfmt.service - Set Up Additional Binary Formats
   Loaded: loaded (/lib/systemd/system/systemd-binfmt.service; static; vendor preset: enabled)
   Active: inactive (dead) since Thu 2017-07-13 00:06:51 PDT; 5s ago
Condition: start condition failed at Thu 2017-07-13 00:06:51 PDT; 5s ago
           ├─ ConditionDirectoryNotEmpty=|/lib/binfmt.d was not met
           ├─ ConditionDirectoryNotEmpty=|/usr/lib/binfmt.d was not met
           ├─ ConditionDirectoryNotEmpty=|/usr/local/lib/binfmt.d was not met
           ├─ ConditionDirectoryNotEmpty=|/etc/binfmt.d was not met
           └─ ConditionDirectoryNotEmpty=|/run/binfmt.d was not met
     Docs: man:systemd-binfmt.service(8)
           man:binfmt.d(5)
           https://www.kernel.org/doc/Documentation/binfmt_misc.txt
  Process: 12402 ExecStart=/lib/systemd/systemd-binfmt (code=exited, status=0/SUCCESS)
 Main PID: 12402 (code=exited, status=0/SUCCESS)
      CPU: 0
```

* What exactly did you do that was effective?

Fedora 26 includes the following files with their qemu-user-static package:

```
qemu-aarch64-static.conf
qemu-alpha-static.conf
qemu-armeb-static.conf
qemu-arm-static.conf
qemu-cris-static.conf
qemu-m68k-static.conf
qemu-microblazeel-static.conf
qemu-microblaze-static.conf
qemu-mips64el-static.conf
qemu-mips64-static.conf
qemu-mipsel-static.conf
qemu-mips-static.conf
qemu-ppc64abi32-static.conf
qemu-ppc64-static.conf
qemu-ppc-static.conf
qemu-s390x-static.conf
qemu-sh4eb-static.conf
qemu-sh4-static.conf
qemu-sparc32plus-static.conf
qemu-sparc64-static.conf
qemu-sparc-static.conf
```

These files include the binfmt magic strings for instruction translation. I.e.:

```
computermouth@desktop:/lib/binfmt.d$ cat qemu-arm-static.conf
:qemu-arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\xff\xff\xff:/usr/bin/qemu-arm-static:F
```

I copied those to my Debian host and voilà! I can now build Docker containers for different architectures.

* Notes

I can't seem to find the source for these files in either Debian's or Fedora's package source, nor in the upstream qemu source.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

qemu-user-static depends on no packages.

Versions of packages qemu-user-static recommends:
ii  binfmt-support  2.1.6-2

Versions of packages qemu-user-static suggests:
ii  sudo  1.8.19p1-2.1

-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1:5.0-1

[Replying to an old bugreport]

On Tue, 21 Aug 2018 16:45:40 +0200 bruno binet <[email protected]> wrote:

> It seems that on debian, binfmt is not managed by systemd unit
> systemd-binfmt.service but by binfmt-support.service instead, so the
> "ConditionDirectoryNotEmpty was not met" sounds ok to me.

That since has been changed, but we still have the same condition...

> ```
> $ head /var/lib/dpkg/info/qemu-user-static.postinst
> #!/bin/sh
> set -e
> # check if we're running inside an (lxc) container
> # (we may copy or move this to the postinst script too, to skip installing it)
> grep -zqs ^container= /proc/1/environ && exit 0
> ```
>
> So what is the reasoning behind this container check? and can we remove
> this check or at least disable it for docker?
> I guess if we install qemu-user-static in a docker container, we could
> expect qemu binfmts to be correctly registered, right?

binfmt is, as far as I can tell, a global thing. Registering something in a container means we change things for other containers too and in the host system as well.

Initially registering a binfmt in an lxc container just failed - correctly - with an EPERM (permission denied) error, since it is definitely wrong to register binfmts inside a single container since it affects the whole system. See for example
https://discuss.linuxcontainers.org/t/3-1-0-binfmt-support-service-in-unprivileged-guest-requires-write-access-on-hosts-proc-sys-fs-binfmt-misc/5249/7

It looks like it is still the case now, binfmt can't be configured inside an nspawn container, I just checked. Maybe this one is not sufficient, and lxc is different here, or something else needs to be done, I dunno.

Either way, qemu-user-static now ships the binfmt config files in a directory where systemd expects to find them; we only omit the call to actual binfmt registration in postinst if a container is detected.

How things are handled by systemd is a different story, I expect it to do the right thing wrt containers.

Closing this bugreport now.

Thanks,

/mjt
--- End Message ---
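
For reference, the `qemu-arm-static.conf` rule quoted in the report can be decoded and applied to an ELF header as below. This is an added example, not part of the original messages or of the Debian or Fedora packages; the function names and the sample headers are constructed for illustration. It shows which binaries the rule claims and reports the `F` flag, which makes the kernel open the interpreter at registration time so the handler is used regardless of mount namespace or chroot.

```python
import re

# Rule text copied from the report (qemu-arm-static.conf).
ARM_RULE = (
    r":qemu-arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:"
    r"\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\xff\xff\xff:"
    r"/usr/bin/qemu-arm-static:F"
)

def unescape(field):
    """Decode the \\xHH escapes used in the magic and mask fields."""
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  field.encode("latin-1"))

def parse_rule(line):
    """Split ':name:type:offset:magic:mask:interpreter:flags' into a dict."""
    delim = line[0]  # the first character defines the field separator
    name, kind, offset, magic, mask, interp, flags = line.strip()[1:].split(delim)
    magic = unescape(magic)
    mask = unescape(mask) if mask else b"\xff" * len(magic)
    return {"name": name, "type": kind, "offset": int(offset or 0),
            "magic": magic, "mask": mask, "interpreter": interp,
            "flags": flags, "fix_binary": "F" in flags}

def matches(rule, header):
    """Apply an 'M' rule: every header byte must equal the magic under the mask."""
    start = rule["offset"]
    window = header[start:start + len(rule["magic"])]
    if rule["type"] != "M" or len(window) < len(rule["magic"]):
        return False
    return all((b ^ g) & m == 0
               for b, g, m in zip(window, rule["magic"], rule["mask"]))

def elf_header(ei_class, osabi, e_type, e_machine):
    """Constructed sample: first 20 bytes of a little-endian ELF header."""
    return (b"\x7fELF" + bytes([ei_class, 1, 1, osabi]) + b"\x00" * 8
            + e_type.to_bytes(2, "little") + e_machine.to_bytes(2, "little"))

if __name__ == "__main__":
    rule = parse_rule(ARM_RULE)
    samples = {"arm ET_EXEC": elf_header(1, 0, 2, 0x28),
               "arm ET_DYN, OSABI=3": elf_header(1, 3, 3, 0x28),
               "x86-64 ET_EXEC": elf_header(2, 0, 2, 0x3E)}
    for label, hdr in samples.items():
        print(f"{label:22} -> {rule['interpreter'] if matches(rule, hdr) else 'no match'}")
    print("fix-binary (F) flag set:", rule["fix_binary"])
```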

